package exploits

import (
	"fmt"
	"prismx_cli/core/jsFind"
	"prismx_cli/core/models"
	"strconv"
	"time"
)

// init 注册插件插件
func init() {

	models.Register(models.AppVulInfo{
		App:   "Web",
		Query: "protocol:\"http\"",
		Meta: models.VulMeta{
			Name:        "Suspected sensitive data",
			Tags:        []string{"information_leakage"},
			Author:      "一曲成殇",
			Description: "There is a sensitive data leakage vulnerability that attackers can exploit to obtain sensitive information.",
			Homepage:    "",
			Level:       3,
			References:  "",
			Solution:    "Delete sensitive information",
			CreateAt:    "2023-12-04",
			Available:   false,
			Steps: models.StepsMeta{
				VerifySteps: models.VerifySteps{
					VerifyGo: func(scheme, ip string, port int, duration time.Duration) (result models.VulResult) {

						ticker := time.NewTicker(duration + (5 * time.Second))
						defer ticker.Stop()

						url := scheme + "://" + ip + ":" + strconv.Itoa(port)

						js := jsFind.Machine{Target: url, JsFindList: make(chan jsFind.JsFind)}
						go js.Start(duration)
						for {
							select {
							case res, ok := <-js.JsFindList:
								if !ok {
									break
								}
								var data string
								for _, item := range res.Result {
									data += "\n" + item
								}
								result.Request += fmt.Sprintf("Type：%s\tSource：%s\n[Data]：%s\n\n", res.RuleName, res.Target, data)
								result.Response += fmt.Sprintf("Type：%s\tSource：%s\n[Data]：%s\n\n", res.RuleName, res.Target, data)
								result.State = true
								continue
							case <-ticker.C:
								result.Response = "Not found"
								break
							}
							break
						}
						return
					},
				},
			},
		},
	})
}
